OpenBSD ports changes summary for 2016-01-31 to 2016-02-07 inclusive ====================================================================
archivers/libarchive archivers/p7zip archivers/pecl-lzf archivers/pecl-rar audio/pulseaudio databases/lbdb databases/pear-DB_DataObject databases/pecl-redis devel devel/darcs devel/geany devel/hs-bimap devel/hs-cmdargs devel/hs-enclosed-exceptions devel/hs-lifted-async devel/hs-shelly devel/hs-system-fileio devel/hs-system-filepath devel/intellij devel/libgsf devel/p5-Data-Validate-IP devel/p5-File-Remove devel/p5-Glib2 devel/p5-Pango devel/pear-Config devel/pear-Console-Table devel/py-certifi devel/py-test devel/py-test-cov devel/quirks devel/ruby-rspec devel/src fonts/blockzone games/alephone games/gottcode games/manaplus geo/gdal geo/geocode-glib graphics/inkscape graphics/jasper graphics/pecl-imagick graphics/py-Pillow lang/gambit lang/php lang/racket-minimal lang/seed7 lang/vala mail/amavisd-new mail/opensmtpd-extras mail/pecl-mailparse mail/razor-agents mail/rspamd mail/zarafa math/ntl multimedia/get_iplayer multimedia/libv4l multimedia/mpv net/dnscrypt-proxy net/gdnsd net/icinga net/mldonkey net/noVNC net/ntp net/openfire net/p5-Net-PcapWriter net/pear-Services-oEmbed net/py-socks net/scapy net/socat net/unifi print/cups print/cups-pk-helper productivity/baikal security security/gnutls security/libnettle security/p5-IO-Socket-SSL security/pcsc-cyberjack security/pecl-libsodium security/pwgen security/py-M2Crypto sysutils sysutils/ansible sysutils/google-cloud-sdk sysutils/salt sysutils/vmdktool telephony/asterisk textproc/apertium-dicts textproc/calibre textproc/libxml textproc/libxml++ textproc/p5-Lingua-Stem-Ru textproc/p5-Regexp-Common textproc/p5-XML-XPath textproc/zathura www/bluefish www/chromium www/darkhttpd www/iridium www/netsurf www/p5-HTTP-BrowserDetect www/pecl-chroot www/pecl-geoip www/pecl-http www/pecl-memcache www/pecl-memcached www/pecl-proctitle www/pecl-propro www/pecl-raphf www/pecl-ssh2 www/pecl-swish www/pecl-uploadprogress www/phpmyadmin www/piwik www/py-django www/webkit www/xcache x11/awesome == archivers ========================================================= 01/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/archivers libarchive ~ Makefile ~ patches/patch-cpio_bsdcpio_1 + patches/patch-cpio_cpio_c + patches/patch-libarchive_archive_h + patches/patch-libarchive_archive_read_c + patches/patch-libarchive_archive_read_support_format_cpio_c + patches/patch-libarchive_archive_write_c + patches/patch-libarchive_archive_write_disk_3 + patches/patch-libarchive_archive_write_disk_posix_c + patches/patch-libarchive_test_test_write_disk_secure_c TAGGED OPENBSD_5_8 > Apply patches for multiple security vulnerablities; > - CVE-2013-0211: denial of service via unspecified vectors > - CVE-2015-2304: directory traveral via absolute paths > - crash/infinite loop on malformed CPIO archives > From upstream git (commits 2253154, 5935715, 3865cf2, e6c9668, 24f5de6) > via FreeBSD. > Minor bump for the new ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option. > (naddy@) p7zip ~ Makefile ~ patch-CPP_7zip_Bundles_SFXCon_SfxCon_cpp ~ patch-CPP_7zip_UI_Console_Main_cpp > p7zip needs to pledge tty as well (in standard and SFX archives), it's > needed > for password entry. Reported by Andre S, debugging tb@, fix from Josh > Grosse. > ok tb@ (sthen@) ~ Makefile ~ patches/patch-CPP_7zip_UI_Console_Main_cpp > Further pledge(2) fallout due to password protected archives. > Listing or checking the integrity may call readpassphrase(3) > and thus requires a "tty" promise. > Report and fix by provided by Andre S, thanks! > ok czarkoff@, Josh Grosse (MAINTAINER) (tb@) pecl-lzf ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-rar ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) == audio ============================================================= 02/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/audio pulseaudio ~ Makefile ~ files/module-sndio.c > Unbreak the mixer. > from ratchov@, thanks! > req. by mpi@ > ok sthen@ jasper@ (ajacoutot@) == databases ========================================================= 03/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/databases lbdb ~ Makefile ~ distinfo > Update to lbdb-0.40. (benoit@) pear-DB_DataObject ~ Makefile ~ distinfo ~ pkg/PLIST > Update to pear-DB_DataObject-1.11.5. (benoit@) pecl-redis ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) == devel ============================================================= 04/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel devel ~ Makefile > Unhook devel/hs-bimap. (kili@) ~ Makefile > Hook new / revived hs-ports. (kili@) ~ Makefile > +py-certifi,python3 (shadchin@) darcs - patches/patch-darcs_cabal - patches/patch-src_Darcs_Util_Encoding_IConv_hsc ~ Makefile ~ distinfo > Update to darcs-2.10.3. (kili@) ~ Makefile > Reenable the test suite. > Fun fact: if bash isn't installed, the test suite will just hang > in select(2) waiting for stdout to become writable. So add shells/bash > to TEST_DEPENDS. (Any brave soul may try this on some linux without > bash, it would be interesting to know wether it hangs there, too) (kili@) geany ~ Makefile > Explicitely set --enable-api-docs=no ; otherwise doxygen might be found > at configure time and dpb(1) may remove it in the middle of the build. > (ajacoutot@) hs-bimap - Makefile - distinfo - pkg/DESCR - pkg/PLIST > Remove devel/hs-bimap. (kili@) hs-cmdargs + Makefile + distinfo + pkg/DESCR + pkg/PLIST > Revive devel/hs-cmdargs. > ok sthen@ (kili@) hs-enclosed-exceptions + Makefile + distinfo + pkg/DESCR + pkg/PLIST > New import: > Import devel/hs-enclosed-exceptions. hs-lifted-async + Makefile + distinfo + pkg/DESCR + pkg/PLIST > New import: > Import devel/hs-lifted-async. hs-shelly + Makefile + distinfo + pkg/DESCR + pkg/PLIST > New import: > Import devel/hs-shelly. hs-system-fileio + Makefile + distinfo + pkg/DESCR + pkg/PLIST > New import: > Import devel/hs-system-fileio. hs-system-filepath + Makefile + distinfo + pkg/DESCR + pkg/PLIST > New import: > Import devel/hs-system-filepath. intellij ~ Makefile ~ files/idea.1 > There is a special mdoc macro, .Lk, for hyperlinks like that. (zhuk@) libgsf ~ Makefile ~ distinfo > Update to libgsf-1.14.35 (buffer underflow error). > ok jasper@ (ajacoutot@) p5-Data-Validate-IP ~ Makefile ~ distinfo > update p5-Data-Validate-IP to 0.25 (bluhm@) p5-File-Remove ~ Makefile ~ distinfo > Update to p5-File-Remove-1.55. (benoit@) p5-Glib2 ~ Makefile ~ distinfo > Update to p5-Glib2-1.321. (benoit@) p5-Pango ~ Makefile ~ distinfo > Update to p5-Pango-1.227. (benoit@) pear-Config ~ Makefile ~ distinfo ~ pkg/PLIST > Update to pear-Config-1.10.12. (benoit@) pear-Console-Table ~ Makefile ~ distinfo > Update to pear-Console-Table-1.3.0. (benoit@) py-certifi ~ Makefile ~ distinfo ~ patches/patch-certifi_core_py ~ patches/patch-setup_py ~ pkg/PLIST > Add python3 flavor and update version (no functional change) (shadchin@) py-test ~ Makefile ~ distinfo > Bugfix update to py-test 2.8.7 (shadchin@) py-test-cov ~ Makefile ~ distinfo > Bugfix update to py-test-cov 2.2.1 (shadchin@) quirks ~ Makefile ~ files/Quirks.pm > Register removal of hs-bimap. (kili@) ~ Makefile ~ files/Quirks.pm > Remove the removal of hs-cmdargs. (kili@) ~ Makefile ~ files/Quirks.pm > In OpenBSD 4.5 p5-Module-Pluggable moved to perl core, so a quirk was used > to > remove the package if installed. This was then removed from perl core > again, > a port was added, but the quirk wasn't removed, so people who *don't* clean > their /usr/libdata between updates would have the new version from packages > removed, and people who *do* clean would see a message like this, > "Not removing p5-Module-Pluggable-5.2 , > /usr/libdata/perl5/Module/Pluggable.pm not found" > Remove from quirks to fix. (sthen@) ruby-rspec ~ specinfra/Makefile ~ specinfra/distinfo > update to specinfra-2.50.4 (jasper@) src ~ Makefile ~ distinfo > update to devel/src 1.3 > See http://www.catb.org/~esr/src/NEWS for what changed. > OK aja@ (rpe@) == fonts ============================================================= 05/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/fonts blockzone ~ Makefile ~ pkg/DESCR > adjust wording (noticed by naddy last year) > from frederic cambus (jung@) == games ============================================================= 06/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/games alephone - scenarios/marathoninfinity/pkg/patch-Source_Files_FFmpeg_Movie_cpp - scenarios/marathoninfinity/pkg/patch-Source_Files_FFmpeg_SDL_ffmpeg_c ~ alephone/Makefile ~ alephone/distinfo ~ scenarios/Makefile.inc ~ scenarios/marathon/Makefile ~ scenarios/marathon/distinfo ~ scenarios/marathon/pkg/PLIST ~ scenarios/marathon2/Makefile ~ scenarios/marathon2/distinfo ~ scenarios/marathon2/pkg/PLIST ~ scenarios/marathoninfinity/Makefile ~ scenarios/marathoninfinity/distinfo ~ scenarios/marathoninfinity/pkg/PLIST > Update to alephone-1.2.1. > Release notes: > https://github.com/Aleph-One-Marathon/alephone/releases/tag/release-2015062 > 0 > ok phessler@ (maintainer) (bentley@) gottcode ~ simsu/Makefile ~ simsu/distinfo ~ simsu/pkg/PLIST > Update to simsu-1.3.2. (benoit@) manaplus ~ Makefile ~ distinfo ~ pkg/PLIST > Update to manaplus-1.6.1.30. (benoit@) == geo =============================================================== 07/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/geo gdal ~ Makefile ~ distinfo ~ patches/patch-configure > Bugfix update to GDAL 2.0.2. > See https://trac.osgeo.org/gdal/wiki/Release/2.0.2-News for details. > Bump major as two function signatures changed. (landry@) geocode-glib ~ Makefile ~ distinfo ~ pkg/PLIST > update to geocode-glib-3.18.1 (jasper@) == graphics ========================================================== 08/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/graphics inkscape ~ Makefile + patch-src_util_expression-evaluator_cpp > Add a patch to inkscape from Rafael Sadowski, fixing very frequent > segfaults > with spinbuttons with malloc's "baby junking" default (indicating a likely > use-after-free). Additional testing from Laurence Tratt. (sthen@) jasper ~ Makefile ~ patches/patch-src_libjasper_base_jas_image_c ~ patches/patch-src_libjasper_base_jas_seq_c > Security fix for CVE-2016-2089, patch from redhat bz. > ok sthen@ (jasper@) ~ Makefile ~ patches/patch-src_libjasper_base_jas_image_c ~ patches/patch-src_libjasper_base_jas_seq_c TAGGED OPENBSD_5_8 > Security fix for CVE-2016-2089, patch from redhat bz. (jasper@) pecl-imagick ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) py-Pillow ~ Makefile + patches/patch-libImaging_PcdDecode_c > Add upstream patch to py-Pillow, fixing a buffer overflow in PcdDecode.c, > where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel > wide buffer, allowing writing 768 bytes off the end of the buffer. This > overwrites objects in Python's stack, leading to a crash. > https://github.com/python-pillow/Pillow/pull/1706 > (There's also a newer upstream release but that will need additional > checking before it can go in). (sthen@) == lang ============================================================== 09/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang gambit ~ Makefile > "cc1: out of memory allocating 1608 bytes". > Adding -O0 for the next bulk build. I don't have a machine where to > test the workaround. I will remove the comment when I know if that > helps with the bug or not. (juanfra@) php ~ 5.6/patches/patch-sapi_cgi_cgi_main_c ~ 5.6/patches/patch-php_ini-production ~ 5.6/patches/patch-php_ini-development > sync patches, no pkg change (sthen@) - files/MESSAGE-ext - files/MESSAGE-main - files/UNMESSAGE-ext - files/UNMESSAGE-main ~ Makefile.inc ~ php.port.mk ~ 5.4/Makefile ~ 5.4/pkg/PLIST-main ~ 5.5/Makefile ~ 5.5/pkg/PLIST-main ~ 5.6/Makefile ~ 5.6/pkg/PLIST-main ~ 7.0/Makefile ~ 7.0/pkg/PLIST-main + files/README-main > move php MESSAGE/UNMESSAGE to a README instead, fleshed out with a > little more information about how to use it with different web servers. > feedback/OK jasper@ aja@, bumps etc to follow. (sthen@) ~ 5.6/Makefile ~ 5.6/distinfo + 5.6/patches/patch-Zend_zend_alloc_c + 5.6/patches/patch-ext_mcrypt_mcrypt_c + 5.6/patches/patch-ext_session_session_c + 5.6/patches/patch-ext_standard_password_c + 5.6/patches/patch-ext_suhosin_execute_c > security update to php-5.6.18, fixes include crashes, integer overflows, > and updating the bundled pcre (also security fixes). > add patches to use arc4random_buf instead of /dev/urandom (which is > typically not available on a normal OpenBSD php installation, with very > bad fallbacks in some cases). > testing of arc4random bits from martijn@, ok robert@ (sthen@) ~ 5.5/Makefile ~ 5.5/distinfo ~ 5.5/pkg/PLIST-main + 5.5/patches/patch-Zend_zend_alloc_c + 5.5/patches/patch-ext_mcrypt_mcrypt_c + 5.5/patches/patch-ext_session_session_c + 5.5/patches/patch-ext_standard_password_c + 5.5/patches/patch-ext_suhosin_execute_c > security update to php-5.5.32, fixes include crashes, integer overflows, > and updating the bundled pcre (also security fixes). > add patches to use arc4random_buf instead of /dev/urandom (which is > typically not available on a normal OpenBSD php installation, with very > bad fallbacks in some cases). > ok robert@ (sthen@) racket-minimal ~ Makefile > Disable temporally the JIT on PowerPC. (juanfra@) seed7 ~ Makefile ~ distinfo > Update to seed7-20160130. (benoit@) vala ~ Makefile ~ distinfo > update to vala-0.30.1 (jasper@) == mail ============================================================== 10/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail amavisd-new ~ patches/patch-amavisd ~ patches/patch-amavisd_conf ~ patches/patch-amavisd_conf-default > regen patches, no pkg change (sthen@) opensmtpd-extras ~ Makefile ~ distinfo ~ pkg/PLIST-main > update to latest snapshot 201602042118 which fixes multiple filter issues > ok giovanni (jung@) pecl-mailparse ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) razor-agents ~ Makefile ~ patches/patch-Makefile_PL + patches/patch-bin_razor-admin + patches/patch-bin_razor-check + patches/patch-bin_razor-report + patches/patch-bin_razor-revoke + patches/patch-lib_Razor2_Client_Agent_pm > Remove "use lib qw(lib)" which is useless and breaks startup if the cwd > is inaccessible. Specifically: fixes amavisd-new startup if razor-agents > is installed (rc.d cd's to the *startup* user's home, i.e. /root, but > this is normally unreadable for the unprivileged user). Remove a useless > FAKE_FLAGS while there. ok ajacoutot@ (sthen@) rspamd ~ Makefile ~ distinfo ~ pkg/PLIST > update to rspamd-1.1.2 (sthen@) zarafa ~ zarafa/Makefile ~ zarafa/pkg/PLIST-web > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) == math ============================================================== 11/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/math ntl ~ Makefile ~ distinfo ~ patches/patch-src_DoConfig ~ patches/patch-src_VERSION_INFO ~ pkg/PLIST > Update to ntl-9.6.4. (benoit@) == multimedia ======================================================== 12/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/multimedia get_iplayer ~ Makefile ~ distinfo ~ patches/patch-get_iplayer > update to a newer get_iplayer snapshot, fixing a problem reported by jmc > where tv listings were fetched unnecessarily (sthen@) ~ Makefile ~ distinfo > update snap, and print the commit id in the version string (sthen@) libv4l ~ Makefile ~ distinfo ~ patches/patch-lib_libv4l2_v4l2convert_c ~ patches/patch-lib_libv4lconvert_libv4lsyscall-priv_h > Update to libv4l 1.10.0 > OK czarkoff@ (feinerer@) mpv - patches/patch-DOCS_man_options_rst - patches/patch-TOOLS_old-configure - patches/patch-TOOLS_old-makefile ~ Makefile ~ distinfo ~ pkg/PLIST > update to mpv-0.15.0 > changes: > - old-configure is gone, so use waf > - instead of patching cd/dvd device names, use sed > - explicitly disable dependencies we don't have but may get in future > ok, tweaks and testing bentley@, jasper@ and sthen@ (czarkoff@) ~ Makefile > unbreak mpv on i386 > tested by kili@, ok sthen@ (czarkoff@) == net =============================================================== 13/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net dnscrypt-proxy - pkg/patch-src_libevent-modified_evutil_rand_c ~ Makefile ~ distinfo ~ pkg/PLIST-main > Update to dnscrypt-proxy 1.6.1 > - Security: malformed packets could cause the OpenDNS deviceid, > OpenDNS set-client-ip, blocking and AAAA blocking plugins to use > uninitialized pointers, leading to a denial of service or possibly > code execution. The vulnerable code is present since dnscrypt-proxy > 1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block > domain names and IP addresses should upgrade as soon as possible. (sthen@) - patches/patch-src_libevent-modified_evutil_rand_c ~ Makefile ~ distinfo ~ pkg/PLIST-main TAGGED OPENBSD_5_8 > Update to dnscrypt-proxy 1.6.1 > - Security: malformed packets could cause the OpenDNS deviceid, > OpenDNS set-client-ip, blocking and AAAA blocking plugins to use > uninitialized pointers, leading to a denial of service or possibly > code execution. The vulnerable code is present since dnscrypt-proxy > 1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block > domain names and IP addresses should upgrade as soon as possible. (sthen@) ~ Makefile ~ pkg/README-main ~ pkg/dnscrypt_proxy.rc TAGGED OPENBSD_5_8 > Update pkg-readme and rc script for dnscrypt-proxy; "-R opendns" was the > package's old default but this has been replaced in the csv file since > the OpenDNS acquisition. > There is now no default; select a server yourself and configure it as shown > in the readme. (sthen@) gdnsd ~ Makefile ~ pkg/gdnsd.rc > Unbreak rc.d script. > reported by jung@ (ajacoutot@) icinga ~ web2/Makefile ~ web2/distinfo > Update to 2.1.2 > OK sthen@ (MAINTAINER) (sebastia@) - web2/pkg/patch-library_Icinga_Application_Modules_Manager_php ~ web2/Makefile ~ web2/patch-library_Icinga_Application_ApplicationBootstrap_php ~ web2/patch-modules_setup_application_views_scripts_form_setup-welcome_phtml ~ web2/pkg/PLIST ~ web2/pkg/README > Remove patches from the icingaweb2 package that were hacking around the > mismatch between chrooted and non-chrooted paths (there are both CLI > scripts and a web app; both need to refer to the same paths and as well > as being complicated, the patches weren't quite working correctly, > as noticed by sebastia@). > Now you must setup a symlink "/var/www/var/www -> .." instead as > described in the new version of the pkg-readme, allowing icingaweb2 to > always use /var/www paths whether inside or outside the jail. > Note: Existing users of this package will need to create that symlink too. > (sthen@) mldonkey ~ patches/patch-config_configure_in > Do not redirect the output of "gmake depend" to /dev/null, so we > can have a better clue of what's going on (dcoppa@) noVNC ~ Makefile ~ distinfo > add a couple more commits from bmc-support to noVNC, replace ATEN iKVM > detection heuristic and cover additional supermicro X10/X11 iKVM. (sthen@) ntp ~ Makefile ~ distinfo + patches/patch-tests_libntp_ssl_init_c > Security update to 4.2.8p6. This addresses numerous security issues. > (naddy@) ~ Makefile ~ distinfo + patches/patch-tests_libntp_ssl_init_c TAGGED OPENBSD_5_8 > Security update to 4.2.8p6. This addresses numerous security issues. > (naddy@) openfire ~ Makefile ~ distinfo > Update to openfire-4.0.1. > from Marc Peters (maintainer) (benoit@) p5-Net-PcapWriter ~ Makefile ~ distinfo > update p5-Net-PcapWriter to 0.724 (bluhm@) pear-Services-oEmbed ~ Makefile ~ distinfo > Update to pear-Services-oEmbed-0.2.1. (benoit@) py-socks ~ Makefile ~ distinfo ~ pkg/PLIST > Update to py-socks 1.5.6 and take maintainer. (shadchin@) scapy - patches/patch-scapy_arch_pcapdnet_py ~ Makefile ~ distinfo ~ patches/patch-scapy_arch_unix_py ~ patches/patch-scapy_config_py ~ patches/patch-scapy_sendrecv_py ~ patches/patch-setup_py ~ pkg/PLIST + patches/patch-test_regression_uts + patches/patch-test_run_tests > update to scapy-2.3.2, from Daniel Jakots, earlier version ok armani@ > (sthen@) socat ~ Makefile ~ distinfo ~ patches/patch-xio-openssl_c > security update to socat-1.7.3.1, ok jasper@ nigel@ > - A stack overflow in vulnerability was found that can be triggered when > command line arguments (complete address specifications, host names, > file names) are longer than 512 bytes. > - In the OpenSSL address implementation the hard coded 1024 bit DH p > parameter was not prime. [..] Fix: generated a new 2048bit prime. (sthen@) ~ Makefile ~ distinfo ~ patches/patch-xio-openssl_c TAGGED OPENBSD_5_8 > MFC security update to socat-1.7.3.1 > - A stack overflow in vulnerability was found that can be triggered when > command line arguments (complete address specifications, host names, > file names) are longer than 512 bytes. > - In the OpenSSL address implementation the hard coded 1024 bit DH p > parameter was not prime. [..] Fix: generated a new 2048bit prime. (sthen@) unifi ~ Makefile ~ distinfo ~ pkg/PLIST > update to unifi-4.8.12, at long last adding a gui for minimum rssi (in > configuration/radios, and it's properly specified in dBm rather than > whatever unknown unit the old config.properties used). > More info on the update at > https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-4-8-12-is-released/b > a-p/1468911 > (the cloud login stuff needs a java binary module so is disabled here). > (sthen@) == print ============================================================= 14/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/print cups ~ Makefile ~ distinfo > Maintenance update to cups-2.1.3. > *yes* this is a maintenance update during soft-lock but considering half of > the help request emails I get during a release cycle are about printing, I > prefer having the most recent code around; it seems UNIX printing is still > somewhat a Black Art for people. > ok sthen@ jasper@ (ajacoutot@) cups-pk-helper ~ Makefile ~ distinfo ~ pkg/PLIST > Update to cups-pk-helper-0.2.6. (ajacoutot@) == productivity ====================================================== 15/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/productivity baikal ~ Makefile > drop MAINTAINER for i don't use this anymore (jasper@) == security ========================================================== 16/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security security ~ Makefile > Hook up pcsc-cyberjack (feinerer@) gnutls ~ Makefile ~ distinfo > Bugfix update to gnutls-3.3.21. (ajacoutot@) libnettle ~ Makefile + patches/patch-ecc-256_c + patches/patch-x86_64_ecc-384-modp_asm TAGGED OPENBSD_5_8 > - Security fixes for CVE-2015-8803 - CVE-2015-8805 > - -current is not affected after the update to 3.2 > ok aja@ (MAINTAINER) (jasper@) p5-IO-Socket-SSL ~ Makefile ~ distinfo > update p5-IO-Socket-SSL to 2.023 (bluhm@) pcsc-cyberjack + Makefile + distinfo + patches/patch-configure_ac + patches/patch-cjeca32_Debug_cpp + patches/patch-Makefile_am + patches/patch-cjeca32_RSCTCriticalSection_cpp + patches/patch-include_driver_Platform_unix_h + patches/patch-include_driver_Debug_h + patches/patch-ifd_Makefile_am + pkg/PLIST + pkg/DESCR > New import: > Import pcsc-cyberjack 3.99.5final.SP08 pecl-libsodium ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) ~ Makefile ~ pkg/DESCR > Tweak pecl-libsodium DESCR and link to > https://paragonie.com/book/pecl-libsodium (sthen@) pwgen ~ Makefile ~ patches/patch-configure_in ~ patches/patch-pwgen_c > autoconf bits for pledge (jasper@) py-M2Crypto ~ Makefile ~ distinfo ~ patches/patch-SWIG__ssl_i > - update security/py-M2Crypto to 0.23.0 > - add pre-test target to enable make test > OK sthen@, aja@ (rpe@) == sysutils ========================================================== 17/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/sysutils sysutils ~ Makefile > +vmdktool (ajacoutot@) ansible ~ Makefile ~ distinfo > update sysutils/ansible to 2.0.0.2 > - has a work around for callback API change for v2_playbook_on_start > OK sthen@, aja@ (rpe@) google-cloud-sdk ~ Makefile ~ distinfo ~ patch-lib_googlecloudsdk_core_config_py ~ patch-lib_googlecloudsdk_core_docker_docker_py ~ patch-lib_googlecloudsdk_core_updater_local_state_py ~ pkg/PLIST > Update to google-cloud-sdk-92.0.0. (ajacoutot@) ~ Makefile > Setting NO_BUILD would remove the dependency on python. (ajacoutot@) ~ Makefile ~ distinfo ~ pkg/PLIST > Update to google-cloud-sdk-93.0.0. (ajacoutot@) ~ Makefile ~ distinfo ~ pkg/PLIST > Update to google-cloud-sdk-94.0.0. (ajacoutot@) ~ Makefile ~ distinfo ~ pkg/PLIST > Update to google-cloud-sdk-95.0.0. > - add support for subnets (ajacoutot@) salt ~ Makefile ~ distinfo > Update to salt-2015.8.5. (ajacoutot@) vmdktool + distinfo + Makefile + pkg/PLIST + pkg/DESCR > New import: > Import vmdktool-1.4. == telephony ========================================================= 18/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/telephony asterisk ~ Makefile ~ distinfo > security update to asterisk-13.7.1 (if anyone has time to look at > pulling -stable up to 11.21.1, that would be appreciated..) > BEAST vulnerability in HTTP server > http://downloads.digium.com/pub/security/AST-2016-001.html > File descriptor exhaustion in chan_sip > http://downloads.digium.com/pub/security/AST-2016-002.html > Remote crash vulnerability when receiving UDPTL FAX data. > http://downloads.digium.com/pub/security/AST-2016-003.html (sthen@) == textproc ========================================================== 19/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/textproc apertium-dicts ~ dan/Makefile ~ dan/distinfo ~ dan-nor/Makefile ~ dan-nor/distinfo ~ dan-nor/pkg/PLIST ~ nno/Makefile ~ nno/distinfo ~ nno-nob/Makefile ~ nob/Makefile ~ nob/distinfo > Update to apertium-dan-nor-1.2.2. > This brings in some dictionary updates: > apertium-dan-0.3.0 > apertium-nno-0.5.0 > apertium-nob-0.5.1 > Bump apertium-nno-nob, as it is also generated from these dictionaries. > (bentley@) ~ dan-nor/Makefile ~ dan-nor/distinfo > Update to apertium-dan-nor-1.2.2. (bentley@) calibre ~ Makefile ~ distinfo ~ pkg/PLIST > update to calibre-2.50.1 (sthen@) libxml ~ Makefile TAGGED OPENBSD_5_8 > The patches that we fetch from upstream git have a "cgit+version" in the > footer. > However upstream recently updated their cgit so the footer changed from > "cgit v0.11.2" to "cgit v0.12" which caused a checksum mismatch. > Mirror the patches elsewhere instead of playing catch-up whenever there's a > new cgit release. > checksum mismatch noticed by sven falempin (jasper@) libxml++ ~ Makefile > Add PORTROACH to limit this to version 2.X. (ajacoutot@) p5-Lingua-Stem-Ru ~ Makefile ~ distinfo > Update to p5-Lingua-Stem-Ru-0.02. (benoit@) p5-Regexp-Common ~ Makefile ~ distinfo > update p5-Regexp-Common to 2016020301 (bluhm@) p5-XML-XPath ~ Makefile ~ distinfo > Update to p5-XML-XPath-1.28. (benoit@) ~ Makefile ~ distinfo > Update to p5-XML-XPath-1.29. (benoit@) zathura ~ core/Makefile ~ plugins/Makefile.inc ~ plugins/cb/Makefile ~ plugins/djvu/Makefile ~ plugins/mupdf/Makefile ~ plugins/poppler/Makefile ~ plugins/ps/Makefile > Add core as a RUN_DEPENDS of the plugins. Change core COMMENT. > OK sthen@. (juanfra@) == www =============================================================== 20/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www bluefish ~ Makefile ~ distinfo ~ pkg/PLIST > Update to bluefish-2.2.8. (benoit@) chromium - patches/patch-ui_views_mus_aura_init_cc ~ Makefile ~ patches/patch-content_browser_browser_main_loop_cc ~ patches/patch-content_renderer_renderer_main_cc > since we are not using the Zygote model, make sure to initialize the > sandbox ipc channel for the renderer in order to get proper font > handling outside of the sandbox if necessary (robert@) ~ Makefile ~ distinfo ~ pkg/PLIST > update to 48.0.2564.103 (robert@) darkhttpd ~ Makefile ~ distinfo > Update to darkhttpd-1.12. (benoit@) iridium ~ Makefile ~ patch-chrome_browser_chrome_content_browser_client_cc ~ patch-chrome_chrome_browser_gypi ~ patch-content_browser_browser_main_loop_cc ~ patch-content_browser_child_process_launcher_cc ~ patch-content_content_browser_gypi ~ patch-content_renderer_renderer_main_cc ~ patch-third_party_libjpeg_turbo_libjpeg_gyp + patch-chrome_browser_chrome_browser_main_linux_cc + patch-media_audio_audio_manager_cc + patch-media_audio_audio_manager_h > switch to libjpeg_turbo and merge the sandbox font handling patches from > chromium (robert@) netsurf ~ libnsgif/Makefile + libnsgif/patches/patch-src_libnsgif_c TAGGED OPENBSD_5_8 > stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) > (jasper@) ~ libnsbmp/Makefile + libnsbmp/patches/patch-src_libnsbmp_c TAGGED OPENBSD_5_8 > Security fixes for heap overflow (CVE-2015-7508) and out-of-bounds read > (CVE-2015-7507) (jasper@) p5-HTTP-BrowserDetect ~ Makefile ~ distinfo > Update to p5-HTTP-BrowserDetect-2.08. (benoit@) pecl-chroot ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-geoip ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-http ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-memcache ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-memcached ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-proctitle ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-propro ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-raphf ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-ssh2 ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-swish ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) pecl-uploadprogress ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) phpmyadmin ~ Makefile ~ distinfo > Security update to 4.4.15.4 > Fixes: > PMSA-2016-[1-7], PMSA-2016-8 and PMSA-2016-9 do not affect us (giovanni@) ~ Makefile ~ distinfo ~ pkg/PLIST TAGGED OPENBSD_5_8 > Security update to 4.4.15.4 > Fixes: > PMSA-2016-[1-7], PMSA-2016-8 and PMSA-2016-9 do not affect us > ok jasper@ (giovanni@) piwik ~ Makefile ~ distinfo ~ pkg/PLIST > Security update to 2.15.0 (giovanni@) ~ Makefile ~ distinfo ~ pkg/PLIST TAGGED OPENBSD_5_8 > Security update to 2.15.0 > ok jasper@ (giovanni@) py-django ~ lts/Makefile ~ lts/distinfo ~ lts/pkg/PLIST ~ stable/Makefile ~ stable/distinfo ~ stable/pkg/PLIST > update django to 1.9.2 and 1.8.9. > ok jasper@ benoit@ (rpointel@) webkit ~ Makefile + patches/patch-Source_WebCore_platform_ScrollView_cpp TAGGED OPENBSD_5_8 > Fix for CVE-2014-1748. (ajacoutot@) ~ Makefile + patches/patch-Source_WebCore_platform_ScrollView_cpp TAGGED OPENBSD_5_8 > SECURITY fix for CVE-2014-1748. (ajacoutot@) xcache ~ Makefile ~ pkg/PLIST > Bump pecl-* and a couple of other ports which have now lost their > MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about > activating these have been rolled into the general PHP pkg-readmes file. > OK/feedback aja@ jasper@ (sthen@) == x11 =============================================================== 21/21 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/x11 awesome - patches/patch-event_c - patches/patch-objects_client_c ~ Makefile ~ distinfo > Update to awesome-3.5.8 (dcoppa@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
